
Ransomware attack hits California health system, with claims of 17 million patient records stolen


Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

PIH Health in California was hit with a ransomware attack that severely impacted its computer and telephone systems. The attack forced the hospital to activate its downtime contingency plan: the procedures followed to maintain the ability to provide patient care in the event of a computer outage. This typically involves going back to recording patient information on paper for later entry into the computer systems when they are back online.

It is important to note that going back to paper can result in additional workload for staff and delays and inconveniences for patients. But what if there was not a downtime contingency plan in place?

Imagine your systems went down. How would you continue to function while your computers are not available?

  • Do you have a plan in place?
  • Have you tested the plan to make sure it will work when needed?
  • What paper forms might you need to best record information from patient encounters during this downtime?
  • Are the forms optimized to allow your staff to be as effective as possible in both providing and documenting patient care?
  • Are the forms optimized to allow your billing team to review the records so that you are reimbursed for the services you provide during the downtime?

Computer downtime can present challenges in terms of providing quality care, and it also presents challenges in terms of finances for your practice. Having a downtime contingency plan and TESTING it is vital to get through events of this nature with minimum disruption to your practice.

In this instance, the attack on PIH Health also impacted their phone systems. Luckily, not all facilities associated with the health care system had phone disruptions, and they were able to re-route calls. This event, and the ability of PIH Health to mitigate the impact of the phone system outage, remind us that our downtime contingency plan must also include plans for what to do if we lose access to our practice telephone system.

When you develop and review the plans for your practice you should have separate downtime plans for each system in your practice including your EHR, billing, and phone. What about other vital devices and equipment at your practice including your autoclave and digital imaging systems?

When we learn about events of this nature happening to somebody else it is a good time to look at what we are doing and evaluate how we might respond if that happened to us. Have you identified all vital systems for your practice and do you have contingency plans for each system? Downtime contingency planning for systems that involve patient information is a vital part of your HIPAA risk mitigation strategy. Being prepared for disasters involves much more than protecting your data; it involves protecting your patients and your practice as well.

If you need assistance with developing your downtime contingency plans or any other aspects of HIPAA compliance, please contact TLD Systems at:

https://www.tldsystems.com
phone: (631) 403 6687
email:  [email protected]



Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick. They wanted to create a platform for private practice doctors that provides a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7).
